DDOS Attacks and How to Prevent Them

Background

Chidinma has been trying to get on The Way Forward site for about 20 minutes, but it isn't loading. She checks with the security department and is informed that they're under attack.

There are several times the usual number of requests to connect to the site, but none of the computers they're coming from seem to exist. It looks like a distributed denial of service (DDoS) attack.

Malicious users often disrupt web services with distributed denial of service (DDoS) attacks. These attacks send so much junk traffic to a server that real traffic can't get through. It's a very old and effective technique that malicious users often employ to try to shut down a website.

What is a DDoS attack?

To understand a DDoS attack, we'll talk about denial of service and distributed denial of service attacks. The main difference between the two is the number of attackers. A denial of service (DoS) attack comes from one person or network, while a distributed denial of service (DDoS) attack uses many computers on networks all over the world. This amplifies the attack and makes it harder for the target to protect itself.

How a Denial of Service attack works

Put simply, a DoS attack floods a server with a huge amount of fake traffic, giving it far too many connection requests to handle, consuming its bandwidth, using up its memory and eventually preventing real users from connecting to the server.

But even when a botnet uses many computers to open a large number of connections, this is still quite hard to do. So attackers magnify the attack by using fake (spoofed) IP addresses. The attacking machine sends a connection request to the server from a fake IP address. The server responds and waits indefinitely for a further response, keeping the connection open, but none ever comes because the IP address was fake. The botnet repeats the process, making the server keep more and more useless connections open and lose more and more memory until it can't cope any more and shuts down.

The strategy works and has slowed or crashed prominent websites. However, companies have begun to take precautions.

Defending against a DDoS attack

There are a few defences.

Filtering: routers on the network are programmed to detect DDoS connections and disconnect them.

Moving defence: changing the target site's IP address when the attack is pointed at one particular IP address.

Blackholing: directing all of the target's traffic to a fake web address so that it never reaches the real server.

The last is simply to put the site behind a Content Delivery Network (CDN) such as CloudFlare or Incapsula.
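The following toy model is an added illustration, not code from the article. It replays the mechanism described above (spoofed connection requests that are never completed, filling the server's table of half-open connections until real users are turned away) and then adds a simple version of the "Filtering" defence: once the number of half-open connections crosses a threshold, the server treats itself as under attack and disconnects stale half-open entries after one second instead of thirty. The traffic, the capacity of 40 slots, the thresholds and the timeouts are all constructed for the demo; the addresses come from the documentation ranges 192.0.2.0/24 and 203.0.113.0/24.

```python
"""Toy model of half-open connection exhaustion and a detect-and-disconnect filter.

Added illustration, not code from the article. It models only the mechanism:
the server keeps a table of connections it has answered and is still waiting
on; spoofed sources never reply, so their entries sit there until the table
is full and real clients are rejected. All traffic is constructed for the demo.
"""
from dataclasses import dataclass, field


@dataclass
class HalfOpenTable:
    capacity: int = 40         # slots the server has for unfinished connections
    normal_timeout: int = 30   # seconds an unfinished connection is kept normally
    attack_timeout: int = 1    # seconds kept while a flood is suspected
    threshold: int = 20        # half-open count that marks "under attack"
    mitigate: bool = True      # False = the unprotected server in the article
    entries: dict = field(default_factory=dict)  # (src, port) -> request time
    attack_until: int = -1
    legit_rejected: int = 0
    peak_half_open: int = 0

    def tick(self, now):
        """Run once per second: decide the mode, then drop stale entries."""
        if self.mitigate and len(self.entries) > self.threshold:
            self.attack_until = now + 10     # stay in attack mode for a while
        timeout = self.attack_timeout if now < self.attack_until else self.normal_timeout
        stale = [key for key, ts in self.entries.items() if ts < now - timeout]
        for key in stale:                    # "disconnect" the dead connections
            del self.entries[key]

    def request(self, now, key, completes, legit):
        """A connection request arrives. Returns True if the server accepts it."""
        if len(self.entries) >= self.capacity:
            if legit:
                self.legit_rejected += 1     # a real user could not get through
            return False
        if not completes:                    # spoofed source: the reply never comes
            self.entries[key] = now
            self.peak_half_open = max(self.peak_half_open, len(self.entries))
        return True


def traffic(seconds=45, flood_start=10, flood_end=30, flood_rate=10):
    """Constructed event stream of (time, (src, port), completes, legit).

    Two real clients connect every second and complete the handshake at once.
    From flood_start to flood_end, flood_rate spoofed requests arrive each
    second, every one from a fresh address/port that will never answer.
    """
    events = []
    spoofed = 0
    for now in range(seconds):
        for i in range(2):
            events.append((now, (f"192.0.2.{i + 1}", 40000 + now), True, True))
        if flood_start <= now < flood_end:
            for _ in range(flood_rate):
                spoofed += 1
                src = f"203.0.113.{spoofed % 254 + 1}"
                events.append((now, (src, 1024 + spoofed), False, False))
    return events


def run(mitigate):
    """Replay the constructed traffic against a server with or without the filter."""
    table = HalfOpenTable(mitigate=mitigate)
    last_tick = None
    for now, key, completes, legit in traffic():
        if now != last_tick:
            table.tick(now)
            last_tick = now
        table.request(now, key, completes, legit)
    return {"legit_rejected": table.legit_rejected,
            "peak_half_open": table.peak_half_open}


if __name__ == "__main__":
    for mitigate in (False, True):
        print("filter on " if mitigate else "filter off", run(mitigate))
```

Without the filter, the table reaches its 40-slot capacity four seconds into the flood and every real client is rejected until the first spoofed entries finally time out, long after the flood itself has stopped. With the filter, stale half-open entries are cleared every second once the threshold is crossed, the table never exceeds 30 entries, and no real client is turned away. Note that the filter keys on the server's own state (how many answered connections are still waiting) rather than on the source address, because, as the scenario at the top of the article shows, spoofed sources never repeat and cannot be blocked one by one.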